Merge 9492a64005 into 806a91f7bf

Merge pull request #11688 from roberth/meson-tidy
Clean up the `package.nix` files
2024-10-18 00:16:11 -04:00 · 2024-10-15 11:30:18 +02:00 · 2024-10-14 17:40:46 +02:00 · 2024-10-14 14:50:31 +02:00 · 2024-10-14 14:35:37 +02:00 · 2024-10-14 14:10:36 +02:00
35 changed files with 164 additions and 406 deletions
--- a/packaging/dependencies.nix
+++ b/packaging/dependencies.nix
@ -38,6 +38,10 @@ let
  # Indirection for Nixpkgs to override when package.nix files are vendored
  filesetToSource = lib.fileset.toSource;

+  /** Given a set of layers, create a mkDerivation-like function */
+  mkPackageBuilder = exts: userFn:
+    stdenv.mkDerivation (lib.extends (lib.composeManyExtensions exts) userFn);
+
  localSourceLayer = finalAttrs: prevAttrs:
    let
      workDirPath =
@ -60,6 +64,28 @@ let
      workDir = null;
    };

+  mesonLayer = finalAttrs: prevAttrs:
+    {
+      nativeBuildInputs = [
+        pkgs.buildPackages.meson
+        pkgs.buildPackages.ninja
+      ] ++ prevAttrs.nativeBuildInputs or [];
+    };
+
+  mesonBuildLayer = finalAttrs: prevAttrs:
+    {
+      nativeBuildInputs = prevAttrs.nativeBuildInputs or [] ++ [
+        pkgs.buildPackages.pkg-config
+      ];
+      separateDebugInfo = !stdenv.hostPlatform.isStatic;
+      hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
+    };
+
+  mesonLibraryLayer = finalAttrs: prevAttrs:
+    {
+      outputs = prevAttrs.outputs or [ "out" ] ++ [ "dev" ];
+    };
+
  # Work around weird `--as-needed` linker behavior with BSD, see
  # https://github.com/mesonbuild/meson/issues/3593
  bsdNoLinkAsNeeded = finalAttrs: prevAttrs:
@ -172,14 +198,27 @@ scope: {

  inherit resolvePath filesetToSource;

-  mkMesonDerivation = f: let
-    exts = [
+  mkMesonDerivation =
+    mkPackageBuilder [
+      miscGoodPractice
+      localSourceLayer
+      mesonLayer
+    ];
+  mkMesonExecutable =
+    mkPackageBuilder [
      miscGoodPractice
      bsdNoLinkAsNeeded
      localSourceLayer
+      mesonLayer
+      mesonBuildLayer
+    ];
+  mkMesonLibrary =
+    mkPackageBuilder [
+      miscGoodPractice
+      bsdNoLinkAsNeeded
+      localSourceLayer
+      mesonLayer
+      mesonBuildLayer
+      mesonLibraryLayer
    ];
-  in stdenv.mkDerivation
-   (lib.extends
-     (lib.foldr lib.composeExtensions (_: _: {}) exts)
-     f);
 }
--- a/src/external-api-docs/package.nix
+++ b/src/external-api-docs/package.nix
@ -1,8 +1,6 @@
 { lib
 , mkMesonDerivation

-, meson
-, ninja
 , doxygen

 # Configuration Options
@ -37,8 +35,6 @@ mkMesonDerivation (finalAttrs: {
    ];

  nativeBuildInputs = [
-    meson
-    ninja
    doxygen
  ];

--- a/src/internal-api-docs/package.nix
+++ b/src/internal-api-docs/package.nix
@ -1,8 +1,6 @@
 { lib
 , mkMesonDerivation

-, meson
-, ninja
 , doxygen

 # Configuration Options
@ -32,8 +30,6 @@ mkMesonDerivation (finalAttrs: {
  ];

  nativeBuildInputs = [
-    meson
-    ninja
    doxygen
  ];

--- a/src/libcmd/package.nix
+++ b/src/libcmd/package.nix
@ -1,11 +1,6 @@
 { lib
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonLibrary

 , nix-util
 , nix-store
@ -38,7 +33,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonLibrary (finalAttrs: {
  pname = "nix-cmd";
  inherit version;

@ -54,14 +49,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "hh") ./.)
  ];

-  outputs = [ "out" "dev" ];
-
-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  buildInputs = [
    ({ inherit editline readline; }.${readlineFlavor})
  ] ++ lib.optional enableMarkdown lowdown;
@ -93,10 +80,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/src/libexpr-c/package.nix
+++ b/src/libexpr-c/package.nix
@ -1,10 +1,6 @@
 { lib
 , stdenv
-, mkMesonDerivation
-
-, meson
-, ninja
-, pkg-config
+, mkMesonLibrary

 , nix-store-c
 , nix-expr
@ -18,7 +14,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonLibrary (finalAttrs: {
  pname = "nix-expr-c";
  inherit version;

@ -35,14 +31,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "h") ./.)
  ];

-  outputs = [ "out" "dev" ];
-
-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  propagatedBuildInputs = [
    nix-store-c
    nix-expr
@ -63,10 +51,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/src/libexpr/package.nix
+++ b/src/libexpr/package.nix
@ -1,11 +1,7 @@
 { lib
 , stdenv
-, mkMesonDerivation
-, releaseTools
+, mkMesonLibrary

-, meson
-, ninja
-, pkg-config
 , bison
 , flex
 , cmake # for resolving toml11 dep
@ -38,7 +34,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonLibrary (finalAttrs: {
  pname = "nix-expr";
  inherit version;

@ -55,15 +51,13 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "hh") ./.)
    ./lexer.l
    ./parser.y
-    (fileset.fileFilter (file: file.hasExt "nix") ./.)
+    (fileset.difference
+      (fileset.fileFilter (file: file.hasExt "nix") ./.)
+      ./package.nix
+    )
  ];

-  outputs = [ "out" "dev" ];
-
  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
    bison
    flex
    cmake
@ -102,10 +96,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/src/libfetchers/git-utils.cc
+++ b/src/libfetchers/git-utils.cc
@ -208,7 +208,7 @@ static git_packbuilder_progress PACKBUILDER_PROGRESS_CHECK_INTERRUPT = &packBuil
 static void initRepoAtomically(std::filesystem::path &path, bool bare) {
    if (pathExists(path.string())) return;

-    Path tmpDir = createTempDir(std::filesystem::path(path).parent_path());
+    Path tmpDir = createTempDir(os_string_to_string(PathViewNG { std::filesystem::path(path).parent_path() }));
    AutoDelete delTmpDir(tmpDir, true);
    Repository tmpRepo;

@ -977,8 +977,24 @@ struct GitFileSystemObjectSinkImpl : GitFileSystemObjectSink

    void pushBuilder(std::string name)
    {
+        const git_tree_entry * entry;
+        Tree prevTree = nullptr;
+
+        if (!pendingDirs.empty() &&
+            (entry = git_treebuilder_get(pendingDirs.back().builder.get(), name.c_str())))
+        {
+            /* Clone a tree that we've already finished. This happens
+               if a tarball has directory entries that are not
+               contiguous. */
+            if (git_tree_entry_type(entry) != GIT_OBJECT_TREE)
+                throw Error("parent of '%s' is not a directory", name);
+
+            if (git_tree_entry_to_object((git_object * *) (git_tree * *) Setter(prevTree), *repo, entry))
+                throw Error("looking up parent of '%s': %s", name, git_error_last()->message);
+        }
+
        git_treebuilder * b;
-        if (git_treebuilder_new(&b, *repo, nullptr))
+        if (git_treebuilder_new(&b, *repo, prevTree.get()))
            throw Error("creating a tree builder: %s", git_error_last()->message);
        pendingDirs.push_back({ .name = std::move(name), .builder = TreeBuilder(b) });
    };
--- a/src/libfetchers/package.nix
+++ b/src/libfetchers/package.nix
@ -1,17 +1,11 @@
 { lib
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonLibrary

 , nix-util
 , nix-store
 , nlohmann_json
 , libgit2
-, man

 # Configuration Options

@ -22,7 +16,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonLibrary (finalAttrs: {
  pname = "nix-fetchers";
  inherit version;

@ -37,14 +31,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "hh") ./.)
  ];

-  outputs = [ "out" "dev" ];
-
-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  buildInputs = [
    libgit2
  ];
@ -67,10 +53,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/src/libfetchers/tarball.cc
+++ b/src/libfetchers/tarball.cc
@ -90,6 +90,7 @@ DownloadFileResult downloadFile(
    /* Cache metadata for all URLs in the redirect chain. */
    for (auto & url : res.urls) {
        key.second.insert_or_assign("url", url);
+        assert(!res.urls.empty());
        infoAttrs.insert_or_assign("url", *res.urls.rbegin());
        getCache()->upsert(key, *store, infoAttrs, *storePath);
    }
--- a/src/libflake/package.nix
+++ b/src/libflake/package.nix
@ -1,19 +1,12 @@
 { lib
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonLibrary

 , nix-util
 , nix-store
 , nix-fetchers
 , nix-expr
 , nlohmann_json
-, libgit2
-, man

 # Configuration Options

@ -24,7 +17,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonLibrary (finalAttrs: {
  pname = "nix-flake";
  inherit version;

@ -39,14 +32,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "hh") ./.)
  ];

-  outputs = [ "out" "dev" ];
-
-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  propagatedBuildInputs = [
    nix-store
    nix-util
@ -67,10 +52,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/src/libmain-c/package.nix
+++ b/src/libmain-c/package.nix
@ -1,11 +1,6 @@
 { lib
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonLibrary

 , nix-util-c
 , nix-store
@ -21,7 +16,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonLibrary (finalAttrs: {
  pname = "nix-main-c";
  inherit version;

@ -38,14 +33,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "h") ./.)
  ];

-  outputs = [ "out" "dev" ];
-
-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  propagatedBuildInputs = [
    nix-util-c
    nix-store
@ -68,10 +55,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/src/libmain/package.nix
+++ b/src/libmain/package.nix
@ -1,11 +1,6 @@
 { lib
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonLibrary

 , openssl

@ -21,7 +16,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonLibrary (finalAttrs: {
  pname = "nix-main";
  inherit version;

@ -36,14 +31,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "hh") ./.)
  ];

-  outputs = [ "out" "dev" ];
-
-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  propagatedBuildInputs = [
    nix-util
    nix-store
@ -62,10 +49,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/src/libstore-c/package.nix
+++ b/src/libstore-c/package.nix
@ -1,11 +1,6 @@
 { lib
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonLibrary

 , nix-util-c
 , nix-store
@ -19,7 +14,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonLibrary (finalAttrs: {
  pname = "nix-store-c";
  inherit version;

@ -36,14 +31,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "h") ./.)
  ];

-  outputs = [ "out" "dev" ];
-
-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  propagatedBuildInputs = [
    nix-util-c
    nix-store
@ -64,10 +51,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/src/libstore/filetransfer.cc
+++ b/src/libstore/filetransfer.cc
@ -759,12 +759,17 @@ struct curlFileTransfer : public FileTransfer

                S3Helper s3Helper(profile, region, scheme, endpoint);

+                Activity act(*logger, lvlTalkative, actFileTransfer,
+                    fmt("downloading '%s'", request.uri),
+                    {request.uri}, request.parentAct);
+
                // FIXME: implement ETag
                auto s3Res = s3Helper.getObject(bucketName, key);
                FileTransferResult res;
                if (!s3Res.data)
                    throw FileTransferError(NotFound, "S3 object '%s' does not exist", request.uri);
                res.data = std::move(*s3Res.data);
+                res.urls.push_back(request.uri);
                callback(std::move(res));
 #else
                throw nix::Error("cannot download '%s' because Nix is not built with S3 support", request.uri);
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@ -613,11 +613,20 @@ public:
          `/dev`, `/dev/shm` and `/dev/pts` (on Linux), and the paths
          configured with the `sandbox-paths` option. This is useful to
          prevent undeclared dependencies on files in directories such as
-          `/usr/bin`. In addition, on Linux, builds run in private PID,
-          mount, network, IPC and UTS namespaces to isolate them from other
-          processes in the system (except that fixed-output derivations do
-          not run in private network namespace to ensure they can access the
-          network).
+          `/usr/bin`.
+
+          In addition, on Linux, builds run in private PID, mount, network,
+          IPC and UTS namespaces to isolate them from other processes in the
+          system (except that fixed-output derivations do not run in private
+          network namespace to ensure they can access the network).
+
+          On macOS, local port binding is disabled by default when the
+          sandbox is enabled. Derivations that have the
+          `__darwinAllowLocalNetworking` attribute set to `true` will have a
+          sandbox exception added to allow it.
+
+          The macOS sandbox has known limitations, and should not be
+          considered a strong security boundary.

          Currently, sandboxing only work on Linux and macOS. The use of a
          sandbox requires that Nix is run as root (so you should use the
--- a/src/libstore/package.nix
+++ b/src/libstore/package.nix
@ -1,11 +1,7 @@
 { lib
 , stdenv
-, mkMesonDerivation
-, releaseTools
+, mkMesonLibrary

-, meson
-, ninja
-, pkg-config
 , unixtools

 , nix-util
@ -29,7 +25,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonLibrary (finalAttrs: {
  pname = "nix-store";
  inherit version;

@ -51,13 +47,8 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "sql") ./.)
  ];

-  outputs = [ "out" "dev" ];
-
-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ] ++ lib.optional embeddedSandboxShell unixtools.hexdump;
+  nativeBuildInputs =
+    lib.optional embeddedSandboxShell unixtools.hexdump;

  buildInputs = [
    boost
@ -98,10 +89,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/src/libstore/s3-binary-cache-store.cc
+++ b/src/libstore/s3-binary-cache-store.cc
@ -9,6 +9,7 @@
 #include "globals.hh"
 #include "compression.hh"
 #include "filetransfer.hh"
+#include "signals.hh"

 #include <aws/core/Aws.h>
 #include <aws/core/VersionConfig.h>
@ -117,6 +118,7 @@ class RetryStrategy : public Aws::Client::DefaultRetryStrategy
 {
    bool ShouldRetry(const Aws::Client::AWSError<Aws::Client::CoreErrors>& error, long attemptedRetries) const override
    {
+        checkInterrupt();
        auto retry = Aws::Client::DefaultRetryStrategy::ShouldRetry(error, attemptedRetries);
        if (retry)
            printError("AWS error '%s' (%s), will retry in %d ms",
--- a/src/libstore/unix/build/local-derivation-goal.cc
+++ b/src/libstore/unix/build/local-derivation-goal.cc
@ -2008,7 +2008,7 @@ void LocalDerivationGoal::runChild()
            if (chdir(chrootRootDir.c_str()) == -1)
                throw SysError("cannot change directory to '%1%'", chrootRootDir);

-            if (mkdir("real-root", 0) == -1)
+            if (mkdir("real-root", 0500) == -1)
                throw SysError("cannot create real-root directory");

            if (pivot_root(".", "real-root") == -1)
--- a/src/libutil-c/package.nix
+++ b/src/libutil-c/package.nix
@ -1,11 +1,6 @@
 { lib
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonLibrary

 , nix-util

@ -18,7 +13,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonLibrary (finalAttrs: {
  pname = "nix-util-c";
  inherit version;

@ -35,14 +30,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "h") ./.)
  ];

-  outputs = [ "out" "dev" ];
-
-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  propagatedBuildInputs = [
    nix-util
  ];
@ -62,10 +49,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/src/libutil/package.nix
+++ b/src/libutil/package.nix
@ -1,11 +1,6 @@
 { lib
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonLibrary

 , boost
 , brotli
@ -24,7 +19,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonLibrary (finalAttrs: {
  pname = "nix-util";
  inherit version;

@ -43,14 +38,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "hh") ./.)
  ];

-  outputs = [ "out" "dev" ];
-
-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  buildInputs = [
    brotli
    libsodium
@ -88,10 +75,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/src/nix/eval.md
+++ b/src/nix/eval.md
@ -50,8 +50,9 @@ R""(

 # Description

-This command evaluates the given Nix expression and prints the
-result on standard output.
+This command evaluates the given Nix expression, and prints the result on standard output.
+
+It also evaluates any nested attribute values and list items.

 # Output format

--- a/src/nix/meson.build
+++ b/src/nix/meson.build
@ -212,18 +212,23 @@ nix_symlinks = [
  'nix-store',
 ]

+executable_suffix = ''
+if host_machine.system() == 'windows'
+  executable_suffix = '.exe'
+endif
+
 foreach linkname : nix_symlinks
  install_symlink(
-    linkname,
+    linkname + executable_suffix,
    # TODO(Qyriad): should these continue to be relative symlinks?
-    pointing_to : 'nix',
+    pointing_to : fs.name(this_exe),
    install_dir : get_option('bindir'),
    # The 'runtime' tag is what executables default to, which we want to emulate here.
    install_tag : 'runtime'
  )
  t = custom_target(
    command: ['ln', '-sf', fs.name(this_exe), '@OUTPUT@'],
-    output: linkname,
+    output: linkname + executable_suffix,
    # TODO(Ericson2314): Don't do this once we have the `meson.override_find_program` working)
    build_by_default: true
  )
@ -233,15 +238,15 @@ endforeach

 install_symlink(
  'build-remote',
-  pointing_to : '..' / '..'/ get_option('bindir') / 'nix',
-  install_dir : get_option('libexecdir') / 'nix',
+  pointing_to : '..' / '..'/ get_option('bindir') / fs.name(this_exe),
+  install_dir : get_option('libexecdir') / fs.name(this_exe),
  # The 'runtime' tag is what executables default to, which we want to emulate here.
  install_tag : 'runtime'
 )

 custom_target(
  command: ['ln', '-sf', fs.name(this_exe), '@OUTPUT@'],
-  output: 'build-remote',
+  output: 'build-remote' + executable_suffix,
  # TODO(Ericson2314): Don't do this once we have the `meson.override_find_program` working)
  build_by_default: true
 )
--- a/src/nix/package.nix
+++ b/src/nix/package.nix
@ -1,21 +1,12 @@
 { lib
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonExecutable

 , nix-store
 , nix-expr
 , nix-main
 , nix-cmd

-, rapidcheck
-, gtest
-, runCommand
-
 # Configuration Options

 , version
@ -25,7 +16,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonExecutable (finalAttrs: {
  pname = "nix";
  inherit version;

@ -90,12 +81,6 @@ mkMesonDerivation (finalAttrs: {
    ]
  );

-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  buildInputs = [
    nix-store
    nix-expr
@ -118,10 +103,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/src/perl/package.nix
+++ b/src/perl/package.nix
@ -1,13 +1,10 @@
 { lib
 , stdenv
 , mkMesonDerivation
+, pkg-config
 , perl
 , perlPackages
-, meson
-, ninja
-, pkg-config
 , nix-store
-, darwin
 , version
 , curl
 , bzip2
@ -36,8 +33,6 @@ perl.pkgs.toPerlModule (mkMesonDerivation (finalAttrs: {
  ]);

  nativeBuildInputs = [
-    meson
-    ninja
    pkg-config
    perl
    curl
--- a/tests/functional/package.nix
+++ b/tests/functional/package.nix
@ -75,7 +75,6 @@ mkMesonDerivation (finalAttrs: {
    nix-expr
  ];

-
  preConfigure =
    # "Inline" .version so it's not a symlink, and includes the suffix.
    # Do the meson utils, without modification.
--- a/tests/functional/tarball.sh
+++ b/tests/functional/tarball.sh
@ -97,3 +97,17 @@ chmod +x "$TEST_ROOT/tar_root/foo"
 tar cvf "$TEST_ROOT/tar.tar" -C "$TEST_ROOT/tar_root" .
 path="$(nix flake prefetch --refresh --json "tarball+file://$TEST_ROOT/tar.tar" | jq -r .storePath)"
 [[ $(cat "$path/foo") = bar ]]
+
+# Test a tarball with non-contiguous directory entries.
+rm -rf "$TEST_ROOT/tar_root"
+mkdir -p "$TEST_ROOT/tar_root/a/b"
+echo foo > "$TEST_ROOT/tar_root/a/b/foo"
+echo bla > "$TEST_ROOT/tar_root/bla"
+tar cvf "$TEST_ROOT/tar.tar" -C "$TEST_ROOT/tar_root" .
+echo abc > "$TEST_ROOT/tar_root/bla"
+echo xyzzy > "$TEST_ROOT/tar_root/a/b/xyzzy"
+tar rvf "$TEST_ROOT/tar.tar" -C "$TEST_ROOT/tar_root" ./a/b/xyzzy ./bla
+path="$(nix flake prefetch --refresh --json "tarball+file://$TEST_ROOT/tar.tar" | jq -r .storePath)"
+[[ $(cat "$path/a/b/xyzzy") = xyzzy ]]
+[[ $(cat "$path/a/b/foo") = foo ]]
+[[ $(cat "$path/bla") = abc ]]
--- a/tests/nixos/s3-binary-cache-store.nix
+++ b/tests/nixos/s3-binary-cache-store.nix
@ -51,6 +51,9 @@ in {

    server.succeed("${env} nix copy --to '${storeUrl}' ${pkgA}")

+    # Test fetchurl on s3:// URLs while we're at it.
+    client.succeed("${env} nix eval --impure --expr 'builtins.fetchurl { name = \"foo\"; url = \"s3://my-cache/nix-cache-info?endpoint=http://server:9000&region=eu-west-1\"; }'")
+
    # Copy a package from the binary cache.
    client.fail("nix path-info ${pkgA}")

--- a/tests/unit/libexpr-support/package.nix
+++ b/tests/unit/libexpr-support/package.nix
@ -1,11 +1,6 @@
 { lib
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonLibrary

 , nix-store-test-support
 , nix-expr
@ -21,7 +16,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonLibrary (finalAttrs: {
  pname = "nix-util-test-support";
  inherit version;

@ -37,14 +32,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "hh") ./.)
  ];

-  outputs = [ "out" "dev" ];
-
-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  propagatedBuildInputs = [
    nix-store-test-support
    nix-expr
@ -66,10 +53,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/tests/unit/libexpr/package.nix
+++ b/tests/unit/libexpr/package.nix
@ -1,12 +1,7 @@
 { lib
 , buildPackages
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonExecutable

 , nix-expr
 , nix-expr-c
@ -26,7 +21,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonExecutable (finalAttrs: {
  pname = "nix-expr-tests";
  inherit version;

@ -42,12 +37,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "hh") ./.)
  ];

-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  buildInputs = [
    nix-expr
    nix-expr-c
@ -71,10 +60,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  passthru = {
    tests = {
      run = runCommand "${finalAttrs.pname}-run" {
--- a/tests/unit/libfetchers/package.nix
+++ b/tests/unit/libfetchers/package.nix
@ -1,12 +1,7 @@
 { lib
 , buildPackages
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonExecutable

 , nix-fetchers
 , nix-store-test-support
@ -25,7 +20,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonExecutable (finalAttrs: {
  pname = "nix-fetchers-tests";
  inherit version;

@ -41,12 +36,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "hh") ./.)
  ];

-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  buildInputs = [
    nix-fetchers
    nix-store-test-support
@ -69,10 +58,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  passthru = {
    tests = {
      run = runCommand "${finalAttrs.pname}-run" {
--- a/tests/unit/libflake/package.nix
+++ b/tests/unit/libflake/package.nix
@ -1,12 +1,7 @@
 { lib
 , buildPackages
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonExecutable

 , nix-flake
 , nix-expr-test-support
@ -25,7 +20,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonExecutable (finalAttrs: {
  pname = "nix-flake-tests";
  inherit version;

@ -41,12 +36,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "hh") ./.)
  ];

-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  buildInputs = [
    nix-flake
    nix-expr-test-support
@ -69,10 +58,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  passthru = {
    tests = {
      run = runCommand "${finalAttrs.pname}-run" {
--- a/tests/unit/libstore-support/package.nix
+++ b/tests/unit/libstore-support/package.nix
@ -1,11 +1,6 @@
 { lib
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonLibrary

 , nix-util-test-support
 , nix-store
@ -21,7 +16,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonLibrary (finalAttrs: {
  pname = "nix-store-test-support";
  inherit version;

@ -37,14 +32,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "hh") ./.)
  ];

-  outputs = [ "out" "dev" ];
-
-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  propagatedBuildInputs = [
    nix-util-test-support
    nix-store
@ -66,10 +53,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/tests/unit/libstore/package.nix
+++ b/tests/unit/libstore/package.nix
@ -1,12 +1,7 @@
 { lib
 , buildPackages
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonExecutable

 , nix-store
 , nix-store-c
@ -27,7 +22,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonExecutable (finalAttrs: {
  pname = "nix-store-tests";
  inherit version;

@ -43,12 +38,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "hh") ./.)
  ];

-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  buildInputs = [
    nix-store
    nix-store-c
@ -73,10 +62,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  passthru = {
    tests = {
      run = let
--- a/tests/unit/libutil-support/package.nix
+++ b/tests/unit/libutil-support/package.nix
@ -1,11 +1,6 @@
 { lib
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonLibrary

 , nix-util

@ -20,7 +15,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonLibrary (finalAttrs: {
  pname = "nix-util-test-support";
  inherit version;

@ -36,14 +31,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "hh") ./.)
  ];

-  outputs = [ "out" "dev" ];
-
-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  propagatedBuildInputs = [
    nix-util
    rapidcheck
@ -64,10 +51,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  meta = {
    platforms = lib.platforms.unix ++ lib.platforms.windows;
  };
--- a/tests/unit/libutil/package.nix
+++ b/tests/unit/libutil/package.nix
@ -1,12 +1,7 @@
 { lib
 , buildPackages
 , stdenv
-, mkMesonDerivation
-, releaseTools
-
-, meson
-, ninja
-, pkg-config
+, mkMesonExecutable

 , nix-util
 , nix-util-c
@ -25,7 +20,7 @@ let
  inherit (lib) fileset;
 in

-mkMesonDerivation (finalAttrs: {
+mkMesonExecutable (finalAttrs: {
  pname = "nix-util-tests";
  inherit version;

@ -41,12 +36,6 @@ mkMesonDerivation (finalAttrs: {
    (fileset.fileFilter (file: file.hasExt "hh") ./.)
  ];

-  nativeBuildInputs = [
-    meson
-    ninja
-    pkg-config
-  ];
-
  buildInputs = [
    nix-util
    nix-util-c
@ -70,10 +59,6 @@ mkMesonDerivation (finalAttrs: {
    LDFLAGS = "-fuse-ld=gold";
  };

-  separateDebugInfo = !stdenv.hostPlatform.isStatic;
-
-  hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";
-
  passthru = {
    tests = {
      run = runCommand "${finalAttrs.pname}-run" {
Author	SHA1	Message	Date
Andrew Marshall	60ac7837a3	Merge `9492a64005` into `806a91f7bf`	2024-10-15 11:30:18 +02:00
Robert Hensing	806a91f7bf	Merge pull request #11688 from roberth/meson-tidy Clean up the `package.nix` files	2024-10-14 17:40:46 +02:00
Eelco Dolstra	d5c45952ac	Merge pull request #11690 from DeterminateSystems/non-contiguous-tarballs Handle tarballs where directory entries are not contiguous	2024-10-14 14:50:31 +02:00
Eelco Dolstra	b11c331c53	Merge pull request #11684 from geofft/real-root-mode-0500 libstore: Make our sandbox pivot_root directory accessible to ourself	2024-10-14 14:35:37 +02:00
Eelco Dolstra	a7b9877da9	Add a test	2024-10-14 14:10:36 +02:00
Eelco Dolstra	71c2d82302	Merge pull request #11677 from DeterminateSystems/fix-s3-crash builtins.fetchurl: Fix segfault on s3:// URLs	2024-10-14 13:55:49 +02:00
Eelco Dolstra	4012954b59	Handle tarballs where directory entries are not contiguous I.e. when not all entries underneath a directory X follow eachother, but there is some entry Y that isn't a child of X in between. Fixes #11656.	2024-10-14 13:53:54 +02:00
Eelco Dolstra	d2f4d07619	Add assert	2024-10-14 13:15:55 +02:00
Robert Hensing	15e3e1543b	packaging: Add mkMeson{Library,Executable} and: - move pkg-config out of mkMesonDerivation, for components that don't produce any executable code	2024-10-13 23:17:54 +02:00
Robert Hensing	e10ff893e5	packaging: Factor out mkPackageBuilder	2024-10-13 22:43:06 +02:00
Robert Hensing	0aef34b790	packaging: Add mesonLayer ... and remove a few unused arguments. This adds pkg-config to a two or three packages that don't use it, but we shouldn't let that bother us. It's like our personal stdenv.	2024-10-13 22:39:53 +02:00
Robert Hensing	d21026b6f1	packaging: Remove package.nix from libexpr src	2024-10-13 22:18:57 +02:00
Robert Hensing	0a49d1e0d2	refactor: lib.composeManyExtensions	2024-10-13 22:03:52 +02:00
Robert Hensing	ab0f9f9089	Merge pull request #11680 from Mic92/git-utils git-utils: fix x86_64-w64-mingw32 build	2024-10-13 13:09:00 +02:00
Valentin Gagarin	de0a34a362	doc: note that `nix eval` is eager (#11670 ) doc: note that `nix eval` is eager --------- Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>	2024-10-13 12:31:01 +02:00
Robert Hensing	3c59df412a	nix/meson.build: Rename name_suffix -> executable_suffix	2024-10-13 12:29:48 +02:00
Geoffrey Thomas	5a794d9366	libstore: Make our sandbox pivot_root directory accessible to ourself If you have the Nix store mounted from a nonlocal filesystem whose exporter is not running as root, making the directory mode 000 makes it inaccessible to that remote unprivileged user and therefore breaks the build. (Specifically, I am running into this with a virtiofs mount using Apple Virtualization.framework as a non-root user, but I expect the same thing would happen with virtiofs in qemu on Linux as a non-root user or with various userspace network file servers.) Make the directory mode 500 (dr-x------) to make the sandbox work in this use case, which explicitly conveys our intention to read and search the directory. The code only works because root can already bypass directory checks, so this does not actually grant more permissions to the directory owner / does not make the sandbox less secure.	2024-10-12 19:55:58 -04:00
Jörg Thalheim	bd1961b7cc	meson: fix executable extensions for windows build	2024-10-11 21:50:50 +02:00
Jörg Thalheim	30655dd146	git-utils: fix x86_64-w64-mingw32 build	2024-10-11 21:04:52 +02:00
Eelco Dolstra	d38f62f64d	Make S3 downloads slightly more interruptable	2024-10-11 14:55:22 +02:00
Eelco Dolstra	0500fba56a	builtins.fetchurl: Fix segfault on s3:// URLs Also, add an activity to show that we're downloading an s3:// file. Fixes #11674.	2024-10-11 14:32:34 +02:00
Andrew Marshall	9492a64005	Document that the macOS sandbox is not a security boundary See e.g. discussion in https://github.com/NixOS/nix/pull/11270	2024-09-11 17:38:16 -04:00
Andrew Marshall	34dd70d287	Document __darwinAllowLocalNetworking sandbox exception Split the larger paragraph above so OS-specific bits are in separate paragraphs. No changes to the split out text (just reformatting lines).	2024-09-11 17:38:16 -04:00